netfilter: xtables: compat out of scope fix

As per C99 6.2.4(2) when temporary table data goes out of scope, the behaviour is undefined: if (compat) { struct foo tmp; ... private = &tmp; } [dereference private] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: stable@kernel.org Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Alexey Dobriyan <adobriyan@gmail.com> 2010-02-08 11:17:43 -0800
committer: David S. Miller <davem@davemloft.net> 2010-02-08 11:17:43 -0800
commit: 14c7dbe043d01a83a30633ab6b109ba2ac61d9f7 (patch)
tree: 0358b6f285036f64c5f5cd6aac4bd2b0768fee8e /net/ipv6/netfilter/ip6_tables.c
parent: netfilter: nf_conntrack: restrict runtime expect hashsize modifications (diff)
download: linux-dev-14c7dbe043d01a83a30633ab6b109ba2ac61d9f7.tar.xz
linux-dev-14c7dbe043d01a83a30633ab6b109ba2ac61d9f7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 480d7f8c9802..8a7e0f52e177 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 	if (t && !IS_ERR(t)) {
 		struct ip6t_getinfo info;
 		const struct xt_table_info *private = t->private;
-
 #ifdef CONFIG_COMPAT
+		struct xt_table_info tmp;
+
 		if (compat) {
-			struct xt_table_info tmp;
 			ret = compat_table_info(private, &tmp);
 			xt_compat_flush_offsets(AF_INET6);
 			private = &tmp;
author	Alexey Dobriyan <adobriyan@gmail.com>	2010-02-08 11:17:43 -0800
committer	David S. Miller <davem@davemloft.net>	2010-02-08 11:17:43 -0800
commit	14c7dbe043d01a83a30633ab6b109ba2ac61d9f7 (patch)
tree	0358b6f285036f64c5f5cd6aac4bd2b0768fee8e /net/ipv6/netfilter/ip6_tables.c
parent	netfilter: nf_conntrack: restrict runtime expect hashsize modifications (diff)
download	linux-dev-14c7dbe043d01a83a30633ab6b109ba2ac61d9f7.tar.xz linux-dev-14c7dbe043d01a83a30633ab6b109ba2ac61d9f7.zip